<?php
// <copyright file="AuthenticationType.cs" company="NQtec">
// Copyright (c) 2008, 2009 All Right Reserved, http://www.dqer.com/
// Copyright (c) 2008, 2009 All Right Reserved, http://www.nqtec.com/
//
// This source is part of the DQER library that released under the LGPL.
// Please see the License.txt file for more information.
// All other rights reserved.
//
// THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY 
// KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
// PARTICULAR PURPOSE.
//
// </copyright>
// <author>Victor Gatkov</author>
// <email>v.gatkov@nqtec.com</email>
// <email>info@dqer.com</email>
// <date>2008-09-11</date>
// <summary>Contains a base, abstract class for an AuthorisationPolicyProvider</summary>

class Clear {

//   var $ts;

   function Clear() {
//      $this->startSession();
   }

function all($data) {

 $data   = $this->remove_xss($data);
 $data   = $this->basic_replace($data);
 $data   = $this->all_ascii($data);
 $data   = $this->cleanhtml($data);
 $data   = $this->naughtyfilter($data);
 $data   = $this->html2txt($data);
 $data   = $this->streep($data);
 if(defined('DB_ACTIVE')) $data   = mysql_real_escape_string($data);

 return $data;
}

function scheld($tekst) {
    $woorden = array('woorden','die','niet','mogen');
    foreach($woorden as $woord) {
        $tekst = str_replace($woord,"***",$tekst);
    }
return $tekst;
}

function streep($qa) {
 $qa = str_replace("</","",$qa);
 $qa = str_replace("<","",$qa);
 $qa = str_replace(">","",$qa);
 $qa = str_replace("/","",$qa);
 $qa = str_replace("\r","",$qa);
 $qa = str_replace("\n","",$qa);
 return $qa;
}

function basic_replace($qa) {
 $qa = str_replace("'","''",$qa);
 $qa = str_replace("\"","''",$qa);
 $qa = str_replace("{","*",$qa);
 $qa = str_replace("<","*",$qa);
 $qa = str_replace("}","*",$qa);
 $qa = str_replace(">","*",$qa);
 $qa = str_replace("^","*",$qa);
// $qa = str_replace("@","*",$qa);
 $qa = str_replace("#","*",$qa);
 $qa = str_replace("--","*",$qa);
 $qa = str_replace("|","*",$qa);
 $qa = str_replace("~","*",$qa);
return $qa;
}

function naughtyfilter($qa) {

 $qa = str_replace("viagra","***",$qa);
 $qa = str_replace("v i a g r a","***",$qa);
 $qa = str_replace("casino","***",$qa);
 $qa = str_replace("c a s i n o","***",$qa);
 $qa = str_replace("pocker","***",$qa);
 $qa = str_replace("p o c k e r","***",$qa);

return $qa;
}

// ---------------------------------------------------------------------------------------------



function all_ascii( $stringIn ){
   $final = '';
   $search = array(chr(145),chr(146),chr(147),chr(148),chr(150),chr(151));
   $replace = array("'","'",'"','"','-','-');

   $hold = str_replace($search[0],$replace[0],$stringIn);
   $hold = str_replace($search[1],$replace[1],$hold);
   $hold = str_replace($search[2],$replace[2],$hold);
   $hold = str_replace($search[3],$replace[3],$hold);
   $hold = str_replace($search[4],$replace[4],$hold);
   $hold = str_replace($search[5],$replace[5],$hold);

   if(!function_exists('str_split')){
       function str_split($string,$split_length=1){
           $count = strlen($string);
           if($split_length < 1){
               return false;
           } elseif($split_length > $count){
               return array($string);
           } else {
               $num = (int)ceil($count/$split_length);
               $ret = array();
               for($i=0;$i<$num;$i++){
                   $ret[] = substr($string,$i*$split_length,$split_length);
               }
               return $ret;
           }
       }
   }

   $holdarr = str_split($hold);
   foreach ($holdarr as $val) {
       if (ord($val) < 128) $final .= $val;
   }
   return $final;
}

function html2txt($document){
$search = array('@<script[^>]*?>.*?</script>@si',  // Strip out javascript
               '@<[\/\!]*?[^<>]*?>@si',            // Strip out HTML tags
               '@<style[^>]*?>.*?</style>@siU',    // Strip style tags properly
               '@<![\s\S]*?--[ \t\n\r]*>@'        // Strip multi-line comments including CDATA
);
$text = preg_replace($search, '', $document);
return $text;
}

// ---------------------------------------------------------------------------------------------

function remove_xss2($string) {
  $string = str_replace ( '%22', '', $string );
  $string = str_replace ( '&lt;', '', $string );
return $string;
}

// ---------------------------------------------------------------------------------------------

function remove_xss($val) {
   // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
   $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
   
   // straight replacements, the user should never need these since they're normal characters
   // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
   $search = 'abcdefghijklmnopqrstuvwxyz';
   $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $search .= '1234567890!@#$%^&*()';
   $search .= '~`";:?+/={}[]-_|\'\\';
   for ($i = 0; $i < strlen($search); $i++) {
      // ;? matches the ;, which is optional
      // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
   
      // &#x0040 @ search for the hex values
      $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
      // &#00064 @ 0{0,7} matches '0' zero to seven times
      $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
   }
   
   // now the only remaining whitespace attacks are \t, \n, and \r
   $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
   $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
   $ra = array_merge($ra1, $ra2);
   
   $found = true; // keep replacing as long as the previous round replaced something
   while ($found == true) {
      $val_before = $val;
      for ($i = 0; $i < sizeof($ra); $i++) {
         $pattern = '/';
         for ($j = 0; $j < strlen($ra[$i]); $j++) {
            if ($j > 0) {
               $pattern .= '(';
               $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
               $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
               $pattern .= ')?';
            }
            $pattern .= $ra[$i][$j];
         }
         $pattern .= '/i';
         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
         if ($val_before == $val) {
            // no replacements were made, so exit the loop
            $found = false;
         }
      }
   }
return $val;
}

function cleanhtml($string) {
        if (get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        $string = str_replace(array("&amp;","&lt;","&gt;"),array("&amp;amp;","&amp;lt;","&amp;gt;",),$string);
        // fix &entitiy\n;
        
        $string = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"$1;",$string);
        $string = preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"$1$2;",$string);
//        $string = html_entity_decode($string, ENT_COMPAT, "UTF-8");
        
        // remove any attribute starting with "on" or xmlns
        $string = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',"$1>",$string);
        // remove javascript: and vbscript: protocol
        $string = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2nojavascript...',$string);
        $string = preg_replace('#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2novbscript...',$string);
        $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
        $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
        $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu',"$1>",$string);
        //remove namespaced elements (we do not need them...)
        $string = preg_replace('#</*\w+:\w[^>]*>#i',"",$string);
        //remove really unwanted tags
        do {
            $oldstring = $string;
            $string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
        } while ($oldstring != $string);
return $string;
}


};
//$clear = new Clear;
?>
